When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1437126 | Issue Tracking Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1812611 | Exploit Issue Tracking Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1813376 | Issue Tracking Permissions Required |
https://www.mozilla.org/security/advisories/mfsa2023-05/ | Vendor Advisory |
Configurations
History
08 Jun 2023, 16:36
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-05/ - Vendor Advisory | |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1812611 - Exploit, Issue Tracking, Vendor Advisory | |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1437126 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1813376 - Issue Tracking, Permissions Required | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | |
First Time |
Mozilla
Mozilla firefox |
02 Jun 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-02 17:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-25741
Mitre link : CVE-2023-25741
CVE.ORG link : CVE-2023-25741
JSON object : View
Products Affected
mozilla
- firefox
CWE